Differential D9259 Diff 25542 tests/manual/test_linkage.c

Changeset View

Standalone View

tests/manual/test_linkage.c

This file was added.

		1		/*
		2		* Copyright 2018 Ivan Middleton <TODO>
		3		* Copyright 2018 Milian Wolff <mail@milianw.de>
		4		*
		5		* This library is free software; you can redistribute it and/or
		6		* modify it under the terms of the GNU Lesser General Public
		7		* License as published by the Free Software Foundation; either
		8		* version 2.1 of the License, or (at your option) any later version.
		9		*
		10		* This library is distributed in the hope that it will be useful,
		11		* but WITHOUT ANY WARRANTY; without even the implied warranty of
		12		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		13		* Lesser General Public License for more details.
		14		*
		15		* You should have received a copy of the GNU Lesser General Public
		16		* License along with this library; if not, write to the Free Software
		17		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
		18		*/
		19
		20		/*
		21		By default, the linker uses lazy binding (function calls aren't
		22		resolved until the first time the function is called).
		23
		24		Relevant sections of the executable for lazy binding:
		25		.plt (trampoline code)
		26		.got.plt (function addresses cached here)
		27		.rela.plt (relocation entries associating each function name
		28		with its storage location in .got.plt)
		29
		30		But symbols can also be bound right away when the executable or
		31		shared library is started or loaded.
		32
		33		Relevant sections for immediate binding:
		34		.plt.got (trampoline code)
		35		.got (function addresses stored here)
		36		.rela.dyn (relocation entries)
		37
		38		Immediate binding can be triggered in a couple different ways:
		39
		40		(1) The linker option "-z now" makes all symbols use immediate
		41		binding. Compile this file as follows to see this in action:
		42
		43		gcc -Wl,-z,now -o testbind testbind.c
		44
		45		Why might this linker option be used? See:
		46
		47		https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_BINDNOW_.28ld_-z_now.29
		48
		49		Note that this seems to be platform dependant and is not always reproducible.
		50
		51		(2) If a particular function has a pointer to it passed around,
		52		then it must be bound immediately. Define TAKE_ADDR, i.e. compile with
		53
		54		gcc -g -O0 -fuse-ld=bfd -DTAKE_ADDR -o testbind testbind.c
		55
		56		to see this behavior. Note that ld.gold does not show this behavior.
		57
		58		The heaptrack_inject function needs to look in both .rela.plt
		59		(DT_JMPREL) and .rela.dyn (DT_RELA) in order to find all
		60		malloc/free function pointers, lazily-bound or no.
		61
		62		There is also another option which is currently not handled by heaptrack:
		63		When do not rewrite data segments, which would be required to catch accessing
		64		a given symbol through a function pointer (-DUSE_FREEPTR).
		65
		66		Use the run_linkage_tests.sh bash script to check the behavior in an automated fashion.
		67		*/
		68
		69		#include <stdlib.h>
		70		#include <unistd.h>
		71
		72		void escape(void *p)
		73		{
		74		asm volatile("" : : "g"(p) : "memory");
		75		}
		76
		77		int main()
		78		{
		79		int i = 0;
		80
		81		#if defined(TAKE_ADDR) \|\| defined(USE_FREEPTR)
		82		void (freePtr)(void) = &free;
		83
		84		escape(freePtr);
		85		#endif
		86
		87		sleep(1);
		88
		89		for (i = 0; i < 10; ++i) {
		90		void* foo = malloc(256);
		91		escape(foo);
		92
		93		usleep(200);
		94		#if defined(USE_FREEPTR)
		95		freePtr(foo);
		96		#else
		97		free(foo);
		98		#endif
		99		usleep(200);
		100		}
		101		return 0;
		102		}